summaryrefslogtreecommitdiff
path: root/docs/gdm-manual.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/gdm-manual.txt')
-rw-r--r--docs/gdm-manual.txt352
1 files changed, 352 insertions, 0 deletions
diff --git a/docs/gdm-manual.txt b/docs/gdm-manual.txt
new file mode 100644
index 00000000..b4b883b1
--- /dev/null
+++ b/docs/gdm-manual.txt
@@ -0,0 +1,352 @@
+
+The Gnome Display Manager
+
+1. Theory of operation
+
+gdm is a replacement for xdm, the X Display Manager. Unlike its
+competitors (x3dm, kdm, wdm) gdm was written from scratch and does not
+contain any original xdm code.
+
+gdm was written with simplicity and security in mind. The overall
+design concept is this:
+
+When gdm starts it parses the config file gdm.conf. For each of the
+local displays gdm forks a slave process. The main gdm process will
+listen to XDMCP requests from remote displays and monitor the local
+display sessions.
+
+The gdm slave process starts an Xserver according to information read
+from the config file. gdm sets up proper X authentication and starts
+up the greeter window requesting the user for login and password.
+
+The gdm master and slave processes are deliberately kept small and
+they are believed to be secure. The program providing the user
+interface is significantly more complex and is linked to several
+unaudited libraries. Therefore it runs as a dedicated gdm user and
+communicates with gdm through a pipe.
+
+
+2. Overview of the config directory.
+
+The configuration files for gdm are located in the <prefix>/etc/gdm/
+directory.
+
+This is a listing of the config directory contents:
+
+ Init/
+ PostSession/
+ PreSession/
+ Sessions/
+ gdm.conf
+
+gdm.conf is the main gdm configuration file. The options will be
+described later in this document.
+
+The remaining configuration is done by dropping scripts in the
+subdirectories of the gdm folder. This approach makes it easy for
+package management systems to install window managers and different
+session types without requiring the sysadmin/user to edit files.
+
+In this section we will explain the Init, PreRoot and PostRoot
+directories as they are very similar.
+
+When the X server has been successfully started, gdm will try to run
+the script called Init/<displayname>. I.e. Init/:0 for the first local
+display. If this file is not found, gdm will attempt to to run
+Init/Default. The script will be run as root and gdm blocks until it
+terminates. Use the Init/* script for programs that are supposed to
+run alongside with the gdm login window. xconsole for
+instance. Commands to set the background etc. goes in this file too.
+
+It is up to the sysadmin to decide whether clients started by the Init
+script should be killed before starting the user session. This is
+controlled with the KillInitClient option in gdm.conf.
+
+When the user has been successfully authenticated, gdm tries to run
+the PreSession script. Similar to the Init-scripts,
+PreSession/<displayname> will be executed first, if that is not found
+gdm will attempt to run PreSession/Default. The script will be run as
+root and gdm blocks until it terminates. Use this script for local
+session management or accounting stuff. The USER environment variable
+contains the login of the authenticated user. The script should return
+0 on success. Any other value will cause gdm to terminate the current
+login process.
+
+Then the session script is run. Session scripts are located in the
+etc/gdm/Session directory. Which one gdm runs depends on the session
+the user chose in the Sessions-menu in the gdm greeter. If no session
+is selected and the user has no last session stored in his
+~/.gnome/gdm file, the system will choose or first script found or --
+if Sessions/Default exists -- this will be run. For instance you can
+create a symlink from Gnome to Default to make Gnome the default
+desktop environment.
+
+When the user terminates his session the PostSession script will be
+run. Operation is similar to Init and PreSession. That is, gdm will
+attempt to execute the script PostSession/<displayname> and if that
+doesn't exist: PostSession/Default. Again the script will be run with
+root priviledges, gdm will block and the USER environment variable
+will contain the name of the user who just logged out.
+
+Neither of the Init, PreSession or PostSession scripts are necessary
+and can be left out. At least one session script is required for
+proper operation.
+
+
+3. The Login Window
+
+gdm supports two different login modes (which happen to be selected
+by changing greeter programs).
+
+
+The gdmlogin program is a bare bones gui application providing only a
+few menus and a login prompt. A graphical version of the textmode
+login program, if you wish.
+
+gdmlogin was designed for use in environments, where usernames can't
+be exposed.
+
+
+gdmgreeter is slightly more powerful. It consists of a browser window
+containing faces of all users on the system.
+
+~user/.gnome/photo is expected to contain an Imlib supported
+image. gdmgreeter will scale down large images to the sysadmin
+specified maximum.
+
+
+4. The config file
+
+
+4.1 Section: [appearance]
+
+LogoImage=@pixmapdir@/gnome-logo-large.png
+ Filename to display in the logo box. The image must be in an
+ Imlib supported format and it must be readable for the gdm
+ user.
+
+Quiver=1
+ Controls whether gdmgreeter should shake the display when an
+ incorrect username/password is entered. Default: 1.
+
+Iconify=1
+ The greeter window can be iconified (For TV and fish). You can
+ turn the iconify option off by setting this to 0. Default: 1.
+
+IconFile=@pixmapdir@/gdm.xpm
+ File to use for gdmgreeter when it's in iconified state. The
+ image must be in an Imlib supported format and it must be
+ readable for the gdm user.
+
+Gtkrc=
+ Path to a gtkrc containing the theme for use in
+ gdmgreeter/gdmlogin/gdmchooser.
+
+NoFaceImage=@pixmapdir@/nophoto.png
+ (Only used by gdmgreeter)
+
+ Default icon file for users without a personal picture in
+ ~/gnome/photo. The image must be in an Imlib supported format
+ and it must be readable for the gdm user.
+
+GlobalImageDir=@datadir@/faces/
+ (Only used by gdmgreeter)
+
+ Systemwide directory for icon files. The sysadmin can place
+ icons for users here without touching their homedirs. The
+ iconname represents a user name. I.e. GlobalImageDir/johndoe
+ would contain the icon for the user johndoe (No
+ extension!). The images must be in an Imlib supported format
+ and they must be readable for the gdm user.
+
+ A user's own icon file will take precedence over the sysadmin
+ provided one.
+
+
+4.2 Section: [system]
+
+ShutdownMenu=0
+ Turns the Shutdown/Halt menu on/off. Default: 0
+
+SuspendCommand=
+ If specified a Suspend item will appear in the System menu in
+ gdmgreeter. The command specified here will be executed
+ asynchronously. Please use full path!
+
+ For instance
+
+ SuspendCommand=/usr/bin/apm --suspend
+
+UserFileCutoffSize=65535
+ User files larger than this value (in bytes) will be ignored
+ by gdm/gdmgreeter. Handy for users putting gigantic pictures
+ in their ~/.gnome/photo.
+
+ In addition to the size check both gdm and gdmgreeter are
+ extremely picky about accessing files in user directories.
+ Neither will follow symlinks and they refuse to read files and
+ directories writable by other than the owner.
+
+UserIconMaxWidth=128
+UserIconMaxHeight=128
+ Specifies the maximum icon sizes in the face browser.
+
+DefaultPath=@bindir@:/usr/local/bin:/usr/bin/X11:/usr/bin:/bin
+ Specifies the path which will be set in the user's session.
+
+VerboseAuth=0
+ Specifies whether gdm should print authentication
+ errors. Depending on authentication type usernames might be
+ exposed when this option is on.
+
+AllowRoot=0
+ Set to 1 to enable root logins.
+
+RelaxPermissions=0
+ By default gdm ignores files/dirs writable to other users than
+ the owner.
+
+ Changing the value of RelaxPermissions makes it possible to
+ alter this behaviour:
+
+ 0 - Paranoia option. Only accepts user owned files and dirs.
+ 1 - Allow group writable files/dirs
+ 2 - Allow world writable files/dirs
+
+RetryDelay=3
+ The number of seconds gdm should wait before reactivating the
+ entry field after a failed login.
+
+
+4.3 Section: [messages]
+
+Welcome=Welcome to %h
+ Controls which text to display next to the logo image in the
+ greeter.
+
+ `%h' will be expanded to the hostname
+ `%d' will be replaced by the display's hostname
+ `%%' will print the %-character
+
+
+4.4 Section: [daemon]
+
+SessionDir=@sysconfdir@/gdm/Sessions
+ Directory containing the Session scripts.
+
+PidFile=/var/run/gdm.pid
+ Name of the gdm daemon pidfile.
+
+Greeter=@bindir@/gdmgreeter
+ Path and name of the login program executable.
+
+ @bindir@/gdmlogin for the secure login window.
+
+ @bindir@/gdmgreeter for the face browser.
+
+Chooser=@bindir@/gdmchooser
+ Path and name of the gdmchooser executable.
+
+User=gdm
+ The username under which gdm is run.
+
+Group=gdm
+ The group id under which gdmgreeter is run.
+
+DisplayInitDir=@sysconfdir@/gdm/Init
+ Directory containing the Init scripts.
+
+KillInitClients=1
+ Determines whether gdm should kill X clients started by the
+ Init scripts when the user logs in. Default: 1.
+
+PreSessionScriptDir=@sysconfdir@/gdm/PreSession
+ Directory containing the PreSession scripts.
+
+PostSessionScriptDir=@sysconfdir@/gdm/PostSession
+ Directory containing the PostSession scripts.
+
+AuthDir=@authdir@
+ Directory containing the X authentication files for the
+ displays. Should be owned by gdm.gdm with permissions 750.
+
+LogDir=@authdir@
+ Directory containing the log files for the displays. By
+ default this is the same as the AuthDir.
+
+
+4.5 Section: [servers]
+
+0=/usr/bin/X11/X
+1=/usr/bin/X11/X -bpp 8
+
+ Control section for local X servers. Each line indicates the
+ local display number and which command needs to be run to
+ start the X server(s).
+
+
+4.6 Section: [xdmcp]
+
+Enable=1
+ Enables XDMCP support allowing remote displays/X terminals to
+ be managed by gdm.
+
+ gdm listens for requests on UDP port 177. Access from remote
+ displays is controlled by the TCP Wrappers library. The
+ service name is `gdm'.
+
+ You should add
+
+ gdm: .my.domain
+
+ or something similar to /etc/hosts.allow. See the
+ hosts_access(5) man page for details.
+
+ Please note that XDMCP is not a particularly secure protocol
+ and that it is a good idea to block UDP port 177 on your
+ firewall unless you really need it.
+
+MaxPending=4
+ To avoid denial of service attacks, gdm has fixed size queue
+ of pending connections. Only MaxPending displays can start at
+ the same time.
+
+ Please note that this parameter does *not* limit the number of
+ remote displays which can be managed. It only limits the
+ number of simultaneous displays initiating a connection.
+
+MaxManageWait=20
+ When gdm is ready to manage a display an ACCEPT packet is sent
+ to it containing a unique session id which will be used in
+ future conversations.
+
+ gdm will then place the session id in the pending queue
+ waiting for the display to respond with a MANAGE request.
+
+ If no response is received within MaxManageWait seconds, gdm
+ will declare the display dead and erase it from the pending
+ queue freeing up the slot for other displays.
+
+MaxSessions=4
+ Determines the maximum number of remote display connections
+ which will be accepted.
+
+Port=177
+ The UDP port number gdm should listen to for XDMCP requests.
+
+
+4.7 Section: [chooser]
+
+ImageDir=@datadir@/hosts
+ Repository for host icon files. The sysadmin can place icons
+ for remote hosts here and they will appear in gdmchooser.
+
+ The file name must match the FQDN for the host (No extension!).
+ Icons must be in an Imlib supported format and must be
+ readable to the gdm user.
+
+DefaultImage=@pixmapdir@/nohost.png
+ File name for the default host icon.
+
+
+$Id$
View Lorry Controller Status